HTTP: Microsoft Windows Metafile SetPalette Entries Heap Overflow
This signature detects Windows MetaFile (WMF) images being downloaded through HTTP. Malformed WMF files can trigger a known vulnerability in several Windows versions. WMF files are generally not sent over the Internet aside from publishing industries. Networks that routinely transfer WMF files should consider not including this signature in a security policy.
Extended Description
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. A malicious file can cause an integer overflow that may facilitate heap memory corruption and arbitrary code execution. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Successful exploitation can facilitate a remote compromise or local privilege escalation.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_media_center_edition
Short Name
HTTP:STC:IMG:WMF-SETPALETTE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-2124 CVE-2007-3034 Entries Heap Metafile Microsoft Overflow SetPalette Windows bid:15356 bid:25302
Release Date
12/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
9.3
7.6